I am using the Envato platform for several years. My latest purchase is a popular wordpress theme. Everything seemed ok more or less but then I found something alarming.
In order to update the theme the developer requires to create and enter an Envato API token (in which they probable have access). The developer strictly requests amongst other permissions to enable “Download your purchased items”. That means that the developer can use this token to download every item I have bought from your platform (and I have many).
I have bought many templates from your platform and on every single one the purchase code of the item was enough in order to download updates.
Are you aware of this?
Is this compliant with your platform policies?
Why should I give access to all of my purchases to a developer in order to update a specific template?